REMARKS 



Claims 1-36 and 38-54 remain pending in the application. Reconsideration is 
respectfully requested in light of the following remarks. 

Section 103(a) Rejections ; 

The Examiner rejected claims 1-6, 8, 11, 14-17, 18-23, 25, 28, 31-43, 45, 48 and 
51-54 under 35 U.S.C. § 103(a) as being unpatentable over Funk (U.S. Patent 5,721,779) 
in view of Gasparini et al. (U.S. Publication 2004/0168083) (hereinafter "Gasparini"), 
claims 7, 24 and 44 as being unpatentable over Funk and Gasparini in view of Hirsch 
(U.S. Patent 4,479,1 12), claims 9, 10, 26, 27, 46 and 47 as being unpatentable over Funk 
and Gasparini in view of Kelly (U.S. Patent 5,475,757), and claims 12, 13, 29, 30, 49 and 
50 as being unpatentable over Funk and Gasparini. Applicant respectfully traverses these 
rejections for at least the following reasons. 

Regarding claim 1, contrary to the Examiner's assertion, Funk in view of 
Gasparini fails to disclose, wherein tlie user input is dependent on the machine- 
generated challenge such that the user input to transform the machine-generated 
challenge into the pass code is different for different machine-generated challenges . 

The Examiner admits Funk does not disclose the limitations above and relies on 
Gasparini. The Examiner cites Gasparini, paragraph [0030]. These passages describe 
various methods in which a web site may authenticate a user, none of which include the 
limitations of claim 1. For example, paragraph [0030], lines 3-7 states, "This may be a 
user identifier and password, but may also be a mother's maiden name, or other 
information that had been previously collected from the user or another source and stored 
in database 224." The paragraph goes on to describe the random selection of questions 
(e.g., pets name) to ask the user with expected answers stored in a database. In an 
alternate embodiment, described in Gasparini, the user need only access the web page at a 
certain time, from a specific IP address without being authenticated at all. Applicant 
asserts that nowhere does Funk or Gasparini describe user input that transforms the 
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machine-generated challenge into the pass code . Instead, Gasparini simply describes 
randomly selecting questions that must be answered correctly by the user. Clearly, no 
transformation of the machine-generated challenge takes place in Gasparini. 

Further, the challenge described in Gasparini is not machine generated . 

Instead, questions are randomly selected (e.g., mother's maiden name and pets name) 
from a list of questions generated by a human user and entered into the system. 

The Examiner rejected claim 18 under the same rationale as claim 1. However, 
the scope of claim 1 and claim 18 differs. For example, claim 1 recites, generating a 
response to the challenge from the user input received from the user input device, 
said response allowing the user to be validated against a stored record of the pass 
code. Claim 18 includes no such limitations. Claim 1 also differs from claims 35 and 
claim 36 differs from claim 38 in a similar fashion. Since the Examiner failed to 
address the differences between claims 1, 18, 35, 36 and 38 the Examiner has failed 
to state a prima fade rejection of the claims. 

Regarding claim 6, contrary to the Examiner's assertion, Funk in view of 
Gasparini fail to disclose, wherein providing a user with a challenge comprises 
displaying the challenge to the user. The Examiner cites Funk, Fig. 2, item 52, Fig. 3A 
- item 208, column 8, lines 9-11 and 30-34. These passages teach the existence of a 
terminal. The passages fail to disclose displaying the challenge to the user. For example. 
Funk column 8, lines 9-11 states, "In operation, the user can access the server by 
operating the terminal 20A." Applicant asserts a user accessing a terminal does not state 
or imply displaying the challenge to the user. Column 8, lines 30-34 states, "To respond 
to the challenge signal 26, the client generates a response signal 28 that represents the 
challenge signal 26 encrypted with the chent's password, S. The processor element 20 
generates the response signal 28 by operation of the selected one-way commutative 
function." Nowhere in this passage or anywhere else does Funk teach that the client (or 
any other system) displays the challenge to the user as required by the claim. In addition, 
as pointed out above, Gasparini fails to teach a machine-generated challenge and 
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therefore cannot be said to display a machine-generated challenge to the user. For the 
reasons described above, neither Gasparini nor Funk, taken in combination or separate, 
teach the limitations of claim 6. 

Claims 23 and 43 include limitations similar to claim 6, and so the arguments 
presented above apply with equal force to these claims as well. 

Regarding claim 8, contrary to the Examiner's assertion. Funk in view of 
Gasparini fails to disclose, wherein the user input from the user-input device is 
received as a set of one or more modifications to be applied to the challenge so that 
it matches the pass code allocated to the user. The Examiner cites Funk, column 4, 
lines 48-65. These passages teach a client system that encrypts a challenge signal with 
the password entered by a user. The result is a response signal that is transferred to a 
security system for authentication. Funk, column 4, lines 50-53 states, "The client can 
generate this response signal by employing the same one-way conmiutative function to 
encrypt the challenge signal, C, with one valid password." The password is simply a 
secret value known by the user. Column 3, lines 29-30 states, "Typically, the secret data 
value is a user password." Nowhere does Funk or Gasparini teach receiving user input 
from the user-input device as a set of one or more modifications to be apphed to the 
challenge so that it matches the pass code allocated to the user. Instead, both Funk and 
Gasparini simply teach receiving a user's pass code. 

Claims 25 and 45 include limitations similar to claim 8, and so the arguments 
presented above apply with equal force to these claims as well. 

Regarding claim 11, Funk in view of Gasparini fails to disclose, wherein said 
challenge has the same number of characters as the pass code allocated to the user. 

The Examiner cites Funk, column 4, lines 26-48. These passages teach a fiinction that 
generates a challenge signal. For example, column 4, lines 27-30 state, "In one example, 
the system encrypts the base number by operation of a one-way commutative fiinction 
that includes an exponential fiinction modulo a prime number." Applicant asserts that 
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nowhere does Funk or Gasparini teach the challenge has the same niimber of characters 
as the pass code allocated to the user. 

Claims 28 and 48 include limitations similar to claim 11, and so the arguments 
presented above apply with equal force to these claims as well. 

None of the other cited references overcome any of the above-noted deficiencies 
of Funk and Gasparini in regard to Applicant's claims. 

Applicant also asserts that numerous other ones of the dependent claims recite 
further distinctions over the cited art. However, since the rejections have been shown to 
be unsupported for the independent claims, a fiirther discussion of the dependent claims 
is not necessary at this time. 
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CONCLUSION 



Applicants submit the application is in condition for allowance, and notice to that 

effect is respectfully requested. 



If any fees are due, the Commissioner is authorized to charge said fees to 
Meyertons, Hood, Kivlin, Kowert, & Goetzel, P.C. Deposit Account No. 501505/5681- 
74900/RCK. 

Respectfully submitted, 

/Robert C. Kowert/ 

Robert C. Kowert, Reg. #39,255 
Attorney for Apphcant 



Meyertons, Hood, BCivlin, Kowert, & Goetzel, P.C. 

P.O. Box 398 

Austin, TX 78767-0398 

Phone: (512) 853-8850 

Date: January 21. 2008 
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